Physical penetration testing is an assessment of an organization's physical security controls. Much like a network penetration test, it measures the security of a system; the system in this case simply happens to live in the physical world. The consulting organization simulates an attacker on your premises to see how well your security controls, and the staff the attacker encounters, hold up. While most of a security program's attention goes to technical controls around applications and networks, the physical space is often overlooked. Below are the top 3 ways I’ve been able to break into businesses with little effort.
1. Social Engineering (Tailgating)
The easiest way into a building is simply to ask, or to look like you belong. This often takes the form of a well-placed attacker carrying a box, talking on a cell phone, making small talk with an employee, or simply hanging out in the smoking area outside and walking back in with the group. I’ve merely knocked on non-main entrance doors and been let inside with nothing more than a thank you.
Remediation for this attack style is scenario dependent and may require a mixture of controls, but the following measures significantly reduce the risk: require personnel to wear a badge that is always clearly visible, and make it normal for staff to challenge anyone without one; install mantraps or turnstiles that admit only one person per credential; actively monitor video surveillance rather than only recording it; and route all visitor traffic through a guarded reception area.
2. Badge Cloning
Another common attack vector is RFID (badge) cloning. A badge cloner that fits in a backpack or laptop bag is cheap to build or buy. The attacker only needs to get within a couple of feet of the badge (in an elevator, a queue, or the coffee shop across the street), and the cloner reads the card's identifier and writes it to a blank card in seconds. The attack works because legacy low-frequency proximity badges simply broadcast a static facility code and card number with no authentication, so the reader cannot tell the copy from the original. Once the badge has been cloned, the attacker can badge into every area the victim can.
Remediation against badge cloning is luckily straightforward. First, instruct users to keep their badges in an RFID-blocking sleeve or holder whenever they are not actively badging in; many organizations issue these sleeves along with the badge so the habit forms on day one. Keep in mind that a sleeve only protects the card while it is in the sleeve, so it should be paired with a technical control. Second, implement multi-factor authentication at the door, commonly a PIN or fingerprint scan in addition to the badge, so that a cloned card alone is not enough. Longer term, migrate from legacy proximity formats to credentials that mutually authenticate with the reader using a per-card key, which a passive skimmer cannot copy, and review access logs for the same credential being used in two places faster than a person could travel between them.
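As an added example that is not from the original post or from TCM Security's tooling: the script below decodes the common 26-bit H10301 proximity card format to show that a cloner only has to replay a static facility code and card number, and then runs a simple detection over a constructed access-control log, flagging a credential that appears at two sites faster than a person could travel between them. The reader names, the site map, the 20 minute travel time, and every log line are assumptions made for the example.

```python
"""Decode 26-bit H10301 proximity badge frames and flag cloned-credential use.

Added example; not TCM Security's tooling. The readers, sites, travel time
and every log line below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Credential:
    facility_code: int   # 8 bits
    card_number: int     # 16 bits


def encode_h10301(facility_code: int, card_number: int) -> str:
    """Build the 26-bit frame a 125 kHz prox card emits: EP + 8 FC + 16 CN + OP."""
    if not (0 <= facility_code < 256 and 0 <= card_number < 65536):
        raise ValueError("facility code must fit 8 bits, card number 16 bits")
    data = f"{facility_code:08b}{card_number:016b}"
    even = str(data[:12].count("1") % 2)          # even parity over first 12 data bits
    odd = str((data[12:].count("1") + 1) % 2)     # odd parity over last 12 data bits
    return even + data + odd


def decode_h10301(bits: str) -> Credential:
    """Recover facility code and card number; reject bad length or parity."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 binary digits")
    data = bits[1:25]
    if bits[0] != str(data[:12].count("1") % 2):
        raise ValueError("even parity check failed")
    if bits[25] != str((data[12:].count("1") + 1) % 2):
        raise ValueError("odd parity check failed")
    return Credential(int(data[:8], 2), int(data[8:], 2))


# Assumed site layout: two readers at headquarters, one at a data center 20 minutes away.
READER_SITE = {"HQ-LOBBY": "HQ", "HQ-LAB": "HQ", "DC-ENTRY": "DC"}
MIN_TRAVEL_SECONDS = {frozenset({"HQ", "DC"}): 20 * 60}

# Constructed log: "<ISO timestamp> <reader> <26-bit frame>". Card 1234 is
# presented at HQ-LAB and then at DC-ENTRY five minutes later; the last line
# has its leading parity bit flipped.
SAMPLE_LOG = """\
2024-03-04T08:01:12 HQ-LOBBY 10010010100000100110100100
2024-03-04T08:03:40 HQ-LAB   10010010100000100110100100
2024-03-04T08:09:05 DC-ENTRY 10010010100000100110100100
2024-03-04T08:15:00 HQ-LOBBY 10010010100000000010011011
2024-03-04T09:02:30 DC-ENTRY 10010010100000000010011011
2024-03-04T09:10:00 HQ-LOBBY 00010010100000100110100100
"""


def find_impossible_travel(log_text: str):
    """Return (alerts, rejected).

    alerts:   (credential, previous_reader, reader, seconds_between) for every
              pair of consecutive reads of one credential at different sites
              closer together than the travel time allows.
    rejected: (line, reason) for frames that fail to decode.
    """
    events, rejected = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, reader, bits = line.split()
        try:
            cred = decode_h10301(bits)
        except ValueError as err:
            rejected.append((line, str(err)))
            continue
        events.append((cred, datetime.fromisoformat(ts), reader))

    # Walk each credential's reads in time order and compare neighbours.
    events.sort(key=lambda e: (e[0].facility_code, e[0].card_number, e[1]))
    alerts, last_seen = [], {}
    for cred, ts, reader in events:
        if cred in last_seen:
            prev_ts, prev_reader = last_seen[cred]
            here, there = READER_SITE[reader], READER_SITE[prev_reader]
            gap = int((ts - prev_ts).total_seconds())
            if here != there and gap < MIN_TRAVEL_SECONDS.get(frozenset({here, there}), 0):
                alerts.append((cred, prev_reader, reader, gap))
        last_seen[cred] = (ts, reader)
    return alerts, rejected


if __name__ == "__main__":
    found, bad = find_impossible_travel(SAMPLE_LOG)
    for cred, a, b, gap in found:
        print(f"possible clone: FC {cred.facility_code} card {cred.card_number} "
              f"read at {a} then {b} only {gap}s apart")
    for line, why in bad:
        print(f"rejected frame ({why}): {line}")
```

Run it as a script to see the one alert (card 1234 at HQ-LAB, then DC-ENTRY 325 seconds later) and the rejected frame. In a real deployment the log would come from the access control system's event export and the travel-time table from your own site map; the decoder is the point, though: everything the reader needs is 24 static bits plus parity, which is exactly what a cloner copies.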
3. Lock Bypassing
A common misconception is that lengthy lockpicking is required to get through a locked door. In practice, most modern attack methodologies focus on bypass techniques that don’t involve picking the lock at all. Common examples are gaps around the door that let an attacker slip a specialized under-door tool through and pull down the inside lever handle; spring latches that can be pushed back with a thin piece of material such as a credit card when the door lacks a working deadlatch; and request-to-exit motion sensors on the secure side that can be triggered from outside with a puff of compressed air through the gap.
There are many attack vectors in this realm, and which ones apply is situational. Therefore, it’s best practice to minimize gaps between doors and their jambs, ensure locks and latches are properly installed and adjusted, install door handle guards and latch guards, and actively monitor video surveillance.
TCM Security has extensive experience performing physical penetration tests and physical security walk-throughs and would love to answer any questions you may have.